The Tea app, a women-only dating and safety platform, has suffered a serious data breach that exposed tens of thousands of user images, including sensitive identity documents such as selfies and driver’s licenses.
According to early reports, the breach originated from a legacy system containing user data from over two years ago. The files were stored in an unsecured public server, which made them accessible without proper protection.
In total, around 72,000 images were accessed:
- 13,000 personal verification photos, including government IDs and facial selfies
- 59,000 publicly shared images from posts and messages inside the app
Some of this content has reportedly been leaked on 4chan, an anonymous messageboard, where users shared screenshots of the materials. The leak has raised serious concerns about digital privacy and security, especially given the sensitive nature of the app’s services.
App Focused on Safety
The Tea app was built as a women-centered platform where users could anonymously share dating experiences and warnings about potential risks. As part of its safety model, the app requires users to verify their identity with photos or official documents.
Although the app includes privacy features like screenshot blocking, this incident has revealed vulnerabilities in its backend infrastructure that had gone unnoticed.
Company Response
Tea’s parent company has confirmed the breach and said that it only affects archived data from the old system. So far, there is no evidence that current user accounts or active data were involved. The company has launched a full investigation and is working with cybersecurity experts to assess the situation.
“We deeply regret this incident and are working diligently to ensure it never happens again,” a spokesperson said.
Users have been advised to remain cautious, monitor their accounts, and be alert for any signs of identity theft or fraud.
Broader Industry Concerns
The incident highlights growing concerns about data protection in niche social apps, especially those that require personal verification for safety purposes. As more platforms adopt identity checks, experts say there needs to be greater focus on secure storage, data minimization, and long-term protection of user information.
